- Nikto v2.6.0 --------------------------------------------------------------------------- + Your Nikto installation is out of date. + Target IP: 18.208.88.157 + Target Hostname: trendingrd.netlify.app + Target Port: 80 + Platform: Unknown + Start Time: 2026-03-04 12:04:41 (GMT-5) --------------------------------------------------------------------------- + Server: Netlify + Multiple IPs found: 18.208.88.157, 98.84.224.111, 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258 + No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped. + [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy + [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP + [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy + [000702] /themes/mambosimple.php?detection=detected&sitename=: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000703] /index.php?option=search&searchword=: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). + [000704] /emailfriend/emailnews.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000705] /emailfriend/emailfaq.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000706] /emailfriend/emailarticle.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000707] /administrator/upload.php?newbanner=1&choice=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). + [000708] /administrator/popups/sectionswindow.php?type=web&link=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000709] /administrator/gallery/view.php?path=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000710] /administrator/gallery/uploadimage.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000711] /administrator/gallery/navigation.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000712] /administrator/gallery/gallery.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000714] /https-admserv/bin/index?/: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks. + [000715] /clusterframe.jsp?cluster=: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack. + [000717] /upload.php?type=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). + [000718] /soinfo.php?\">: The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1954 + [000725] /servlet/MsgPage?action=test&msg=: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). + [000730] /servlets/MsgPage?action=badlogin&msg=: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message. + [000734] /SiteServer/Knowledge/Default.asp?ctr=\">: Site Server is vulnerable to Cross Site Scripting. + [000735] /_mem_bin/formslogin.asp?\">: Site Server is vulnerable to Cross Site Scripting. + [000741] /webcalendar/week.php?eventinfo=: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). + [000776] /user.php?op=userinfo&uname=: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. + [000777] /user.php?op=confirmnewuser&module=NS-NewUser&uNikto=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). + [000780] /templates/form_header.php?noticemsg=: MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). + [000782] /supporter/index.php?t=updateticketlog&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + [000783] /supporter/index.php?t=tickettime&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + [000784] /supporter/index.php?t=ticketfiles&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + [000785] /sunshop.index.php?action=storenew&username=: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. + [000786] /submit.php?subject=&story=&storyext=&op=Preview: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524 + [000787] /ss000007.pl?PRODREF=: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732 + [000790] /setup.exe?&page=list_users&user=P: CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938 + [000793] /servlet/ContentServer?pagename=: Open Market Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. + [000797] /search.php?searchstring=: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614 + [000798] /search.php?searchfor=\">: Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). See: https://web.archive.org/web/20200228105003/https://www.securityfocus.com/archive/1/315554 + [000799] /search.asp?term=<%00script>alert('Vulnerable'): ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this). + [000801] /samples/search.dll?query=&logic=AND: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). + [000802] /replymsg.php?send=1&destin=: This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSS). + [000804] /postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft+Utilities\"%3: Postnuke Phoenix 0.7.2.3 is vulnerable to Cross Site Scripting (XSS). + [000806] /pm_buddy_list.asp?name=A&desc=B%22%3E%3Ca%20s=%22&code=1: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/28589 + [000809] /phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\">: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). + [000810] /phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\">&MMN_position=[X:X]: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). + [000811] /phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\">: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). + [000812] /phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\">: phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). + [000814] /phptonuke.php?filnavn=: PHP-Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1995 + [000816] /phpinfo.php?VARIABLE=: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287 + [000817] /phpinfo.php3?VARIABLE=: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287 + [000820] /phpBB/viewtopic.php?topic_id=: phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0484 + [000821] /phpBB/viewtopic.php?t=17071&highlight=\">\": phpBB is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0484 + [000822] /phorum/admin/header.php?GLOBALS[message]=: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3392 + [000823] /phorum/admin/footer.php?GLOBALS[message]=: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: OSVhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-339244 + [000826] /Page/1,10966,,00.html?var=: Vignette server is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + [000830] /netutils/whodata.stm?sitename=: Sambar Server before 6.0 beta 6 default script is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1285 + [000831] /nav/cList.php?root=: OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). + [000837] /msadm/user/login.php3?account_name=\">: The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS). + [000838] /msadm/site/index.php3?authid=\">: The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS). + [000839] /msadm/domain/index.php3?account_name=\">: The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS). + [000840] /modules/Submit/index.php?op=pre&title=: Basit CMS 1.0 is vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22383 + [000841] /modules/Forums/bb_smilies.php?site_font=}-->: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + [000842] /modules/Forums/bb_smilies.php?name=: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + [000843] /modules/Forums/bb_smilies.php?Default_Theme=: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + [000844] /modules/Forums/bb_smilies.php?bgcolor1=\">: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + [000845] /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). + [000846] /modules.php?op=modload&name=Xforum&file=&fid=2: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). + [000847] /modules.php?op=modload&name=Wiki&file=index&pagename=: Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1070 + [000848] /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000849] /modules.php?op=modload&name=WebChat&file=index&roomid=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000850] /modules.php?op=modload&name=Members_List&file=index&letter=: This install of PHP-Nuke's modules.php is vulnerable to Cross Site Scripting (XSS). + [000851] /modules.php?op=modload&name=Guestbook&file=index&entry=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000853] /modules.php?op=modload&name=DMOZGateway&file=index&topic=: The DMOZGateway (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1523 + [000855] /modules.php?name=Your_Account&op=userinfo&username=bla: Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). + [000856] /modules.php?name=Your_Account&op=userinfo&uname=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000857] /modules.php?name=Surveys&pollID=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000858] /modules.php?name=Stories_Archive&sa=show_month&year=&month=3&month_l=test: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020 + [000859] /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020 + [000860] /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524 + [000861] /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + [000864] /megabook/admin.cgi?login=: Megabook guestbook is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Jun/886 + [000868] /launch.jsp?NFuse_Application=: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504 + [000869] /launch.asp?NFuse_Application=: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504 + [000872] /isapi/testisa.dll?check1=: Sambar Server 6.0 beta 6 default script is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1285 + [000874] /index.php?file=Liens&op=\">: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). + [000876] /index.php?action=storenew&username=: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. + [000877] /index.php?action=search&searchFor=\">: MiniBB is vulnerable to Cross Site Scripting (XSS). See: http://www.minibb.net + [000879] /index.php/content/search/?SectionID=3&SearchText=: eZ publish v3 and prior allow Cross Site Scripting (XSS). + [000880] /index.php/content/advancedsearch/?SearchText=&PhraseSearchText=&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). + [000882] /html/partner.php?mainfile=anything&Default_Theme=': myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). + [000883] /html/chatheader.php?mainfile=anything&Default_Theme=': myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). + [000884] /html/cgi-bin/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). + [000886] /gallery/search.php?searchstring=: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614 + [000887] /friend.php?op=SiteSent&fname=: This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524 + [000890] /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD: YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6133,https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1845 + [000893] /error/500error.jsp?et=1;: Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1027 + [000897] /download.php?sortby=&dcategory=: This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + [000901] /comments.php?subject=&comment=&pid=0&sid=0&mode=&order=&thold=op=Preview: This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + [000902] /cleartrust/ct_logon.asp?CTLoginErrorMsg=: RSA ClearTrust allows Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22357 + [000905] /cgi-local/cgiemail-1.6/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651 + [000906] /cgi-local/cgiemail-1.4/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651 + [000909] /calendar.php?year=&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1536 + [000910] /ca000007.pl?ACTION=SHOWCART&REFPAGE=\">: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732 + [000911] /ca000001.pl?ACTION=SHOWCART&hop=\">&PATH=acatalog%2f: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732 + [000914] /article.cfm?id=1': With malformed URLs, ColdFusion is vulnerable to Cross Site Scripting (XSS). + [000915] /apps/web/vs_diag.cgi?server=: Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). See: https://www.mail-archive.com/bugtraq@securityfocus.com/msg11627.html + [000918] /addressbook/index.php?surname=: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504 + [000919] /addressbook/index.php?name=: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504 + [000920] /add.php3?url=ja&adurl=javascript:: Admanager 1.1 is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/vuln-dev/2002/Apr/270 + [000921] /a?: Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server. + [000923] /?mod=&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1243 + [001210] /mailman/admin/ml-name?\">;: Mailman is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0855 + [001211] /mail/addressaction.html?id=&newaddress=1&addressNikto=&addressemail=YovbM@example.com: IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1899 + [001223] /affich.php?image=: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + [001224] /diapo.php?rep=: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + [001225] /index.php?rep=: GPhotos index.php rep Variable XSS. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + [001227] /fcgi-bin/echo?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL + [001228] /fcgi-bin/echo2?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL + [001229] /fcgi-bin/echo.exe?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL + [001230] /fcgi-bin/echo2.exe?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/nessus/FCGI_ECHO.NASL + [001240] /ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=: Sun Answerbook is vulnerable to XSS in the search field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0548 + [001241] /apps/web/index.fcgi?servers=§ion=: Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1785 + [001378] /index.php?err=3&email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001379] /forgot_password.php?email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001380] /bugs/index.php?err=3&email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001381] /bugs/forgot_password.php?email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001382] /eventum/index.php?err=3&email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001383] /eventum/forgot_password.php?email=\">: MySQL Eventum is vulnerable to XSS in the email field. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2467 + [001456] /login/sm_login_screen.php?error=\">: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762 + [001457] /login/sm_login_screen.php?uid=\">: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762 + [001458] /SPHERA/login/sm_login_screen.php?error=\">: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762 + [001459] /SPHERA/login/sm_login_screen.php?uid=\">: SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). See: https://www.exploit-db.com/exploits/22762 + [001487] /index.php?vo=\">: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1175 + [001503] /shopping/shopdisplayproducts.asp?id=1&cat=: VP-ASP prior to 4.50 are vulnerable to XSS attacks. See: https://seclists.org/bugtraq/2004/Jun/210 + [001504] /shopdisplayproducts.asp?id=1&cat=: VP-ASP Shopping Cart 4.x shopdisplayproducts.asp XSS. See: https://seclists.org/bugtraq/2004/Jun/210 + [001510] /showmail.pl?Folder=: @Mail WebMail 3.52 contains an XSS in the showmail.pl file. See: OSVDB-2950 + [003016] /forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">\": Vbulletin 2.2.9 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3280 + [003030] /firewall/policy/dlg?q=-1&fzone=t>&tzone=dmz: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158 + [003031] /firewall/policy/policy?fzone=internal&tzone=dmz1: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158 + [003032] /antispam/listdel?file=blacklist&name=b&startline=0: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295 + [003033] /antispam/listdel?file=whitelist&name=a&startline=0(naturally): Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295 + [003035] /theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\">,/system/status/session: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3296 + [003081] /examplesWebApp/InteractiveQuery.jsp?person=: BEA WebLogic 8.1 and below are vulnerable to Cross Site Scripting (XSS) in example code. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0624 + [003083] /sgdynamo.exe?HTNAME=: Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0375 + [003086] /aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=: Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1212 + [003117] /webcalendar/colors.php?color=: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3632 + [003118] /webcalendar/week.php?user=\">: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3633 + [003122] /debug/dbg?host==: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + [003123] /debug/echo?name=: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + [003124] /debug/errorInfo?title===: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + [003125] /debug/showproc?proc===: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + [003170] /addressbook.php?\">